3 matches found
GHSA-M79R-R765-5F9J Lobe Chat Desktop vulnerable to Remote Code Execution via XSS in Chat Messages
Summary We identified a cross-site scripting XSS vulnerability when handling chat message in lobe-chat that can be escalated to remote code execution on the user’s machine. Any party capable of injecting content into chat messages, such as hosting a malicious page for prompt injection, operating ...
Lobe Chat Desktop vulnerable to Remote Code Execution via XSS in Chat Messages
Summary We identified a cross-site scripting XSS vulnerability when handling chat message in lobe-chat that can be escalated to remote code execution on the user’s machine. Any party capable of injecting content into chat messages, such as hosting a malicious page for prompt injection, operating ...
CVE-2025-59417 Lobe Chat Desktop Vulnerable to Remote Code Execution via XSS in Chat Messages
Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.129.4, there is a a cross-site scripting XSS vulnerability when handling chat message in lobe-chat that can be escalated to remote code execution on the user’s machine. In lobe-chat, when the response from the...